I'm looking for some input on how to integrate Facebook Connect into Q2A. By extension the same approach will be used for other single-sign-on implementations in future. Here's what I am thinking at the moment - please let me know what you think:

To enable Facebook Connect, each installation of Q2A will need to sign up for a Facebook application ID and secret key. (This is inevitable.)

On Q2A sites with Facebook Connect enabled, if a user is not logged in, the Facebook Connect button appears on both the login and register pages.

Clicking this button will take a user to the usual Facebook confirmation, to allow the site to get access to the user's details.

When logging in for the first time via Facebook Connect, a new Q2A account will be created for the user, which is associated with their Facebook ID.

Each time a user logs in to Q2A via Facebook Connect, i.e. not only the first time, their Q2A account will be populated with the email and picture from their Facebook account. On their first login, their handle will also be set based on their name - if it's a duplicate of another user's, it will be transformed in some appropriate way to make it unique.

Users logged in via Facebook Connect cannot set their email manually via their account page, since anyway this will be updated from Facebook in future. They can however change their handle, and choose whether to show their Facebook avatar, or a different avatar instead.

A Q2A account associated with Facebook Connect can only be accessed via Facebook Connect, and not logged into another way.

On second thoughts I think users who come via FB Connect should be able to modify their email as well. When they first sign in via FB, their email will be marked as confirmed (since Facebook requires this), but if they change it later in Q2A, they'll need to confirm it again the usual way.

Another change to the above. Because of how Facebook's Javascript API works, it made more sense to offer the Facebook login button alongside the standard Login/Register links at the top right, rather than only as an option on the login/register pages. And if a user logs in via Facebook, they will see the Facebook logout button in the top right, rather than the standard Q2A logout. This is necessitated by Facebook's terms and conditions.

Everything seems fine except the final point. I would expect that users should be able to change their sign-in method if they want. For example they may delete their FB account, or change OpenID, or their provider may announce they are closing down. Also, anyone who has currently signed up with a regular account may want to switch to FB/OpenID.

For the login/register page, it would be nice to have something similar to Stack Overflow's page with links for Google, Yahoo, Facebook and so on.

Excellent, thank You so much, I wasnt sure what "next" finally means..
As I understand, a user could have two accounts, one only at q2a and one through facebook ? No problem for me, and once i quit facebook, i still have an account here. And, once a facebook user has changed his data it is not overwritten each time he enters through facebook. Very nice work !